FortiGate
ydong01
Staff

Description
This article describes how FortiGate uses the Automation function to send messages to a Slack channel via webhook, and how to customize the information in the message using the event log.

Useful link:
Fortinet Documentation:
Webhook action:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/989735/webhook-action

Solution
1) Create New Automation


 
2) Give automation stitch name

 
3) Select Trigger method
 
 
 
4) Select Event
 
 
 
5) Select Action
 
6) Enter the Slack channel information
 

 
 
 
7) Generate Admin login failed event
 
 
 
 
 
c3po-kvm52 # dia de app autod -1
Debug messages will be on for 30 minutes.

c3po-kvm52 # dia de ena

c3po-kvm52 # auto_generate_generic_curl_request()-302: Generating generic automation CURL request for action (webhook2slack).
auto_generate_generic_curl_request()-350: Generic automation CURL request POST data for action (webhook2slack):
{"text": "This is for user - admin login failed as log reason - passwd_invalid, ui = ssh(10.56.246.131) log method - ssh from log srcip - 10.56.246.131 , msg - Administrator admin login failed from ssh(10.56.246.131) because of invalid password"}

auto_generate_generic_curl_request()-400: Generic automation CURL request Host header: hooks.slack.com
auto_generic_curl_request_close()-476: Generic CURL request response body from https://hooks.slack.com/services/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ok
Where do the HTTP body parameters come from?
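The values in the POST data above (user, reason, ui, method, srcip, msg) are fields of the admin login failed event log. The following is an added example, not part of the original article: it renders a body template against a log line offline so the resulting JSON can be checked before it is configured. The `%%log.<field>%%` placeholder syntax, the template text and the sample log line are assumptions constructed for illustration.

```python
import json
import re
import shlex

# Constructed sample log line (key=value), modelled on the event in the debug output.
SAMPLE_LOG = (
    'type="event" subtype="system" logdesc="Admin login failed" '
    'user="admin" ui="ssh(10.56.246.131)" method="ssh" srcip=10.56.246.131 '
    'action="login" status="failed" reason="passwd_invalid" '
    'msg="Administrator admin login failed from '
    'ssh(10.56.246.131) because of invalid password"'
)

# Assumed body text; the %%log.<field>%% placeholder syntax is an assumption.
TEMPLATE = (
    "This is for user - %%log.user%% login failed as log reason - %%log.reason%%, "
    "ui = %%log.ui%% log method - %%log.method%% from log srcip - %%log.srcip%% , "
    "msg - %%log.msg%%"
)

PLACEHOLDER = re.compile(r"%%log\.([A-Za-z0-9_]+)%%")


def parse_log(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def render_body(template, fields):
    """Return (json_body, missing_fields) for a Slack incoming-webhook POST."""
    missing = []

    def substitute(match):
        name = match.group(1)
        if name not in fields:
            missing.append(name)  # placeholder with no matching log field
            return ""
        return fields[name]

    text = PLACEHOLDER.sub(substitute, template)
    # json.dumps escapes quotes, backslashes and control characters, so a
    # log value such as an attacker-chosen user name cannot break the JSON.
    return json.dumps({"text": text}), missing


if __name__ == "__main__":
    body, missing = render_body(TEMPLATE, parse_log(SAMPLE_LOG))
    print(body)
    print("missing fields:", missing)
```

A non-empty `missing` list means the template references a field that the triggering log does not carry.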
 
 
 
 
Some older versions, such as 6.0.5, may encounter an HTTP 400 error; in that case, upgrade to 6.2.2.



